Set to come into effect in 2013, Bill 28, the Fighting Internet and Wireless Spam Act (FISA), will make it illegal to send commercial electronic messages (CEMs) to recipients without their expressed or implied consent.
Companies that fail to comply with the legislation could face penalties of up to $10 million per violation.
FISA has major implications for how every business in Canada communicates with clients and potential clients.
There are three main activities that are covered under the new anti-spam legislation.
•Sending of CEMs. CEMs are defined as any electronic communication that encourages participation in a commercial activity, regardless of whether there is an expectation of profit. The new and broad definition of “electronic message” includes a message sent over any means of telecommunication. So aside from email or instant messaging on mobile devices, it includes text, sound, voice or image, and therefore covers voice mail messages, webcam messages and the electronic exchange of pictures or graphic files.
•Alteration of transmission data in an electronic message in the course of a commercial activity. An example is when an electronic message is sent to a destination that is different from what the sender intended.
•Installation of a computer program on another person’s computer in the course of a commercial activity. Cookies, HTML code and java scripts are exempt. Upgrades and version updates to software are also OK, so long as consent was obtained for the first software installation.
Because each business is different, the anti-spam legislation should be thoroughly reviewed.
Here are some highlights to help you get started.
•Expressed consent must be received before a business can take part in any of the above three activities, namely, sending CEMs, altering transmission of data in a CEM or installing a computer program on someone’s computer. Consent must be obtained separately for each, i.e., the customer must be able to agree to one without having to agree to the others.
•When using “toggling” to obtain consent on a website, a pre-checked box giving consent to subscribe to communications is not acceptable. The checkbox must be unchecked by default and the consumer must check it to give consent.
•Implied consent is also acceptable. Implied consent is where an existing business relationship exists with a client or the electronic messages are relevant to the recipient’s business, role, function or duties, or the electronic address has been conspicuously published/disclosed (for example, on a public website), without a statement that the person does not wish to receive unsolicited commercial electronic messages.
•Because the onus will be on the message sender to prove consent was received, it will be necessary to record the date, time, purpose and manner of that consent and store that information in a database. Voice recordings of oral consent (through a call centre, for example) are also valid.
•The message sender (and its affiliates if the message is sent on behalf of multiple parties) must be clearly identified in all messages.
•The mailing address of the sender(s) must also be included in each message, including in the request for consent.
•Each CEM must include an “unsubscribe” mechanism that is shown “clearly and prominently” and be “readily performed,” meaning it must be accessed without difficulty or delay and should be simple, quick and easy for the consumer to use. An example is a link in an email to a web page where a user can unsubscribe from receiving all or some types of CEMs from the sender. For short message service (SMS) or text messages, the user may choose between replying to the text message with the word “stop” or “unsubscribe” or click a link to a web page to unsubscribe from all or some types of CEMs.
Cybele Negris is the president and co-founder of Webnames.ca, Canada’s original .ca registrar. She serves on the boards of Small Business BC, Small Business Roundtable of BC and the Forum for Women Entrepreneurs.
